Serious problem: boot + systemd + luks + selinux + autorelabel = poop
Daniel J Walsh
dwalsh at redhat.com
Wed Jun 22 18:05:41 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/20/2011 10:20 PM, Genes MailLists wrote:
> Sure could use some experts to help me fix this. touching /.autorelabel
> on F15 leads to a horrible situation.
>
> Doing this seems to fail because /run is read-only - and so autorelabel
> never completes - leaving the .autorelabel flag and leaving perpetual
> poop on each reboot.
>
> Booting the machine in this state is possible but very very difficult.
>
> systemd and luks seems to have a problem when things dont go as expected
> - in particular removing rhgb confuses systemd into a terrible state -
> it prints text prompts for luks password but never waits for an answer -
> it also attempts to ask plymouth to do graphical prompt for luks which
> you dont see without some carefully timed series of ESC key presses to
> flip it on and off ... and only in single user mode - perhaps systemd
> does more in multi user mode and gets more confused.
>
> Details:
>
> F15 installed on sandy bridge laptop with i915 intel graphics. The
> laptop has luks encyrpted swap and /home but not /.
>
> I did a "touch /.autorelabel" and rebooted - poo rained upon me in large
> amounts ... very large :-(
>
> At some point the relabel ended and it booted but screen was hung at the
> white balloon. I wasn't watching the relabelling process so ... Hard
> reset - and reboot again.
>
> The machine now hangs during every boot - it hangs with the blue screen
> + balloon - and it no longer gives me the plymouth graphical luks
> password prompt.
>
> Hard reset - reboot removing rhgb and quiet -
>
> I see error:
>
> Unable to fix label of /run: read-only file system.
>
> in red text and it is clearly is trying to finish the relabeling and
> failing on /run.
>
> I see multiple text password prompts for luks password - but it
> doesn't stop - it keeps going - says something about 'forwarding to
> plymouth'.
>
> typing in the luks password into the text console has no effect.
>
> I repeated above but in single user with selinux=0 - now same as
> above - but if I type password and also toggle ESC enough times the
> balloon will eventually show password prompt. Toggling ESC again leads
> me back to text single user prompt.
>
> I can now exit single user and it comes up in multi user mode with
> graphical login.
>
> There is some magic timing to get the series of ESC toggles to get a
> luks password prompt otherwise the just machine hangs.
>
> (a) I dont think graphical prompts should be used in text boot.
>
> (b) systemd needs to wait for the password to be typed in.
>
> (c) what can I do to get the relabel to finish - every boot it keeps
> trying - the /.autorelable file is never removed.
>
> I can no longer boot except doing the above contortions in single user
> + ESC key flipping to get luks password in.
>
> Am very open to ideas how to fix this ... if i remove the
> .autorelabel I assume things will go back to the way they were - but
> clearly there are some issues here.
>
> thanks for any guidance
>
> gene
Boot with enforcing=0 Should allow you to complete the relabel and
remove /.autorelabel
I would then login and yum -y update
And also run restorecon -R -v /var
To make sure everything is ok.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk4CLvUACgkQrlYvE4MpobOhCgCfVY9fWKDF4MFxM/u5l04TmPku
BLYAoJvdbr/nfC1HXbfK71mE22LqTTza
=hWtA
-----END PGP SIGNATURE-----
More information about the users
mailing list